Attackers Can Steal Session Cookies and CSRF Protection Tokens via User Interaction
CVE-2024-31503

CVSS 3.1 base score: 7.5 (HIGH)

Key Information:

Vendor: Dolibarr
CVE Published: 17 April 2024

What is CVE-2024-31503?

An incorrect access control vulnerability affects Dolibarr ERP CRM up to version 19.0.0. An authenticated attacker who lures a victim into interacting with an attacker-controlled web page can obtain the victim's session cookie and CSRF protection token. Because Dolibarr's anti-CSRF check relies on the secrecy of that token, an attacker holding both values can submit state-changing requests as the victim, and can potentially take over the victim's account. The attack requires user interaction and the vendor's description rates the attack complexity as high, but the impact on confidentiality, integrity and availability is rated high across the board.

CVSS V3.1

Score: 7.5
Severity: HIGH
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Vector string assembled from the metrics listed above: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Caveat: under the CVSS v3.1 base-score equations these metric values do not reproduce the listed score; they evaluate to 7.6 (Impact 6.05 + Exploitability 0.95, multiplied by 1.08 for changed scope, then rounded up). At least one of the listed metrics therefore disagrees with the published 7.5, so confirm the vector against the authoritative CVE/NVD record before reusing it in risk calculations.

Timeline

  • Vulnerability published: 17 April 2024